<?php
/**
 * @package common
 */
require_once "_constants.php";
require_once "_exceptions.php";
require_once "_sitecontext.php";

/**
 * Class which helps to decide wheter to yes or not.
 */
class Policy {
	/** Password minimum lenth */
	const PASSWORDLENGHT = 5;
	
	/**
	 * Decide if $imgtype is acceptable type of image or not
	 * 
	 * @param string $imgtype - mime type of image
	 * @return bool
	 */
	public static function possibleImgType(string $imgtype) {
		return (($imgtype == "image/gif")
				|| ($imgtype == "image/jpeg")
				|| ($imgtype == "image/jpg")
				|| ($imgtype == "image/pjpeg")
				|| ($imgtype == "image/png"));
	}
	
	/**
	 * Decide if $filename has allowed picture extension
	 *
	 * @param string $filename
	 * @return bool
	 */
	public static function possibleImgExt(string $filename) {
		return (preg_match("/.*\.png$/i", $filename)
				|| preg_match("/.*\.jpg$/i", $filename)
				|| preg_match("/.*\.jpeg$/i", $filename)
				|| preg_match("/.*\.gif$/i", $filename));
	}
	
	/**
	 * Decide if $filename is possible code file.
	 *
	 * @param string $filename
	 * @return bool
	 */
	public static function possibleCodesFile(string $filename) {
		return (preg_match("/^codes/", $filename) && preg_match("/.xml$/", $filename));
	}
	
	/**
	 * Decide if password is strength enough.
	 *
	 * @param string $password
	 * @param boole $returnArray - if return array of localized string with password weaknes description
	 * @return bool | string | array
	 */
	 public static function possiblePassword(string $password, $returnArray = false) {
		$resultStr = array();
		$info = SiteContext::getSiteContext();
		$cm = CodeManager::getCodeManager($info);
		if (!preg_match("/[0-9]/", $password))
			$resultStr[] = $cm->get("10001");
		if (strlen($password) < self::PASSWORDLENGHT)
			$resultStr[] = $cm->get("10002");
		if (!preg_match("/[a-zA-Z]/", $password))
			$resultStr[] = $cm->get("10003");
			
		if (!isset($resultStr[0]))
			return true;
		else if ($returnArray)
			return $resultStr;
		else 
			return $resultStr[0];
	}
	
	/**
	 * Get thumbnail prefix for images
	 * @return string
	 */
	public static function imageThumbnailPrefix() {
		return Constants::IMG_THUMBPREFIX;
	}
	
	/**
	 * Get thumbnail suffix for images
	 * @return string
	 */
	public static function imageThumbnailSuffix() {
		return "_" . Constants::IMG_THUMBMAXSIZE;
	}
	
	/**
	 * Get full picture prefix for image
	 * @return string
	 */
	public static function imageFullPicPrefix() {
		return Constants::IMG_FULLPICPREFIX;
	}
	
	/**
	 * Get full picture suffix for image
	 * @return string
	 */
	public static function imageFullPicSuffix() {
		return "_" . Constants::IMG_FULLPICMAXSIZE;
	}
	
	/**
	 * Get full picture prefix for image in a thumb view
	 * @return string
	 */
	public static function imageFullPicThumbViewPrefix() {
		return Constants::IMG_FULLPICTHUMBVIEWPREFIX;
	}
	
	/**
	 * Get thumbnail prefix for image in a thumb view
	 * @return string
	 */
	public static function imageThumbPicThumbViewPrefix() {
		return Constants::IMG_THUMBPICTHUMBVIEWPREFIX;
	}
	
	/**
	 * Get full picture suffix for image in a thumb view
	 * @return string
	 */
	public static function imageFullPicThumbViewSuffix() {
		return "_" . Constants::IMG_FULLPICTHUMBVIEWMAXSIZE;
	}
	
	/**
	 * Get thumbnail suffix for image in a thumb view
	 * @return string
	 */
	public static function imageThumbPicThumbViewSuffix() {
		return "_" . Constants::IMG_THUMBPICTHUMBVIEWMAXSIZE;
	}
	
	/**
	 * Wheter is in admin view or not.
	 * It simply checks if anonymous is signed in or somebody else
	 * 
	 * @return bool
	 */
	public static function isAdminView() {
		return SiteContext::getSiteContext()->getCurrentUser()->login !=  Constants::WEB_DEFAULTUSER;
	}
	
	/**
	 * Rights
	 * full: no restriction
	 * restricted: can edit only himself and offers assigned to him
	 * none: can edit only himself
	 * 
	 * @param string $level - level of rights
	 * @return bool - has or has not
	 */
	private static function hasCurrentUserRights($level) {
		$user = SiteContext::getSiteContext()->getCurrentUser();
		if (is_null($user->group)) {
			// database
			$dbConnector = SiteContext::getSiteContext()->getDBConnector();
			$res = $dbConnector->query("select users.group from users where id = $user->id limit 1");
			$arr = mysql_fetch_array($res);
			$user->group = $arr[0];
		}
		if (!self::isAdminView()) {
			return false;
		}
		if ($level == Constants::GROUP_FULL) {
			if ($user->group == Constants::GROUP_FULL) {
				return true;
			} else {
				return false;
			}
		} elseif ($level == Constants::GROUP_RESTRICTED) {
			if ($user->group == Constants::GROUP_FULL || $user->group == Constants::GROUP_RESTRICTED) {
				return true;
			} else {
				return false;
			}
		} elseif ($level == Constants::GROUP_NONE) {
			return true;
		} else {
			throw new ExceptionIllegalState("not known level '$level'");
		}
	}
	
	/**
	 * Check if current user has at least full rights.
	 * 
	 * @return bool - wheter has or hasn't rights
	 */
	public static function hasCurrentUserAtLeastFullRights() {
		return self::hasCurrentUserRights(Constants::GROUP_FULL);
	}
	
	/**
	 * Check if current user has at least restricted rights.
	 * 
	 * @return bool - wheter has or hasn't rights
	 */
	public static function hasCurrentUserAtLeastRestrictedRights() {
		return self::hasCurrentUserRights(Constants::GROUP_RESTRICTED);
	}
	
	/**
	 * Check if current user has at least none rights (but is not an anonymous user).
	 * 
	 * @return bool - wheter has or hasn't rights
	 */
	public static function hasCurrentUserAtLeastNoneRights() {
		return self::hasCurrentUserRights(Constants::GROUP_NONE);
	}
	
	/**
	 * Verify if user is at least in a group with none rights
	 * and throw an exception if not.
	 * 
	 * @throws ExceptionBadPrivileges
	 */
	public static function verifyAndHandleUserMustBeAtLeastGroupNone() {
		self::verifyAndHandleUserMustBeAtLeastLevel(Constants::GROUP_NONE);
	}
	
	/**
	 * Verify if user is at least in a group with restricted rights
	 * and throw an exception if not.
	 * 
	 * @throws ExceptionBadPrivileges
	 */
	public static function verifyAndHandleUserMustBeAtLeastGroupRestricted() {
		self::verifyAndHandleUserMustBeAtLeastLevel(Constants::GROUP_RESTRICTED);
	}
	
	/**
	 * Verify if user is at least in a group with full rights
	 * and throw an exception if not.
	 * 
	 * @throws ExceptionBadPrivileges
	 */
	public static function verifyAndHandleUserMustBeAtLeastGroupFull() {
		self::verifyAndHandleUserMustBeAtLeastLevel(Constants::GROUP_FULL);
	}
	
	/**
	 * 
	 * Verify if user is at least in a group with $level rights
	 * and throw an exception if not.
	 * 
	 * @throws ExceptionBadPrivileges
	 */
	private static function verifyAndHandleUserMustBeAtLeastLevel($level) {
		if (!self::hasCurrentUserRights($level)) {
			self::badPrivilegesError();
		}
	}
	
	/**
	 * Trigger bad privileges error and throw an exception.
	 * 
	 * @throws ExceptionBadPrivileges
	 */
	public static function badPrivilegesError() {
		$error = Error::getError();
		$cm = CodeManager::getCodeManager();
		
		$error->addErrorMessage($cm->get("30037"));
		throw new ExceptionBadPrivileges();
	}
}
?>